Microsoft has released its June 2019 Patch Tuesday update, addressing a total of 129 security vulnerabilities across a suite of its products/platforms.
Of 129 vulnerabilities fixed this month, 11 are rated as 'Critical', meaning they could be exploited by hackers to seize full, remote control over vulnerable machines without requiring any user interaction. One-hundred and nine bugs are rated as 'Important', seven are 'Moderate', while two are 'Low' in severity.
The June 2020 security update is the largest update ever released by the software giant. Earlier in March, the company had fixed 115 bugs, making it the second-largest update by the company. The third-largest update was released in April 2020, which fixed 113 bugs.
According to Microsoft, the June update does not include a patch for any zero-day bugs being actively exploited in the wild.
The company disclosed that critical flaws exist in Microsoft Edge and the VBScript engine (CVE-2020-1219, CVE-2020-1216), which could enable a hacker to remotely execute arbitrary code by tricking a potential target into visiting a malicious website.
After successfully exploiting the bugs, hackers can run commands on the system with the same privileges as the user.
Microsoft Office and Excel have received multiple patches this month. Two bugs in Excel (CVE-2020-1226 and CVE-2020-1225) could be used by hackers to remotely hijack a system running Office by simply tricking a user into opening a booby-trapped document.
CVE-2020-1229 is another weakness existing in most versions of Office that could be exploited to circumvent Office security features by getting a user to preview a malicious document in the preview pane.
Three vulnerabilities fixed in Microsoft Server Message Block (SMB) have been rated as "exploitation more likely" based on Microsoft's Exploitability Index.
Of them, two (CVE-2020-1284 and CVE-2020-1206) exist in Microsoft Server Message Block 3.1.1 (SMBv3) and could be exploited by a remote, authenticated attacker.
CVE-2020-1299 is another important vulnerability that needs to be immediately patched by admins. This LNK RCE bug can be triggered by tricking a user into clicking a specially crafted .LNK file.
CVE-2020-1300 is an RCE bug that stems from improper handling of cabinet (.CAB) files by Windows.
Other Microsoft offerings that have received patches for security bugs this month include Internet Explorer, Windows Defender, SharePoint Server, Visual Studio, Azure DevOps, ChakraCore, Microsoft Dynamics, and Microsoft Apps for Android.